According to Alan Paller, director of research at the SANS Institute, 95 percent of all attacks on enterprise networks are the result of successful spear phishing. In other words, somebody received an email and either clicked on a link or opened a file that they weren't supposed to.
For example, Chinese hackers successfully broke into computers at The New York Times through spear phishing. So what are the steps that IT execs can take to protect enterprise networks from spear phishing?
Jim Hansen of PhishMe, a company that provides anti-phishing training programs, says most spear phishing attacks take one of two tacks -- they appeal to either human greed or fear. In other words, either they offer money, coupons, discounts or bargains that are too good to be true, or they announce that your checking account or eBay account has been frozen and you need to re-enter your credentials, or some other scenario in which you are required to enter personal information ... or else.
While regular phishing typically involves unsophisticated mass mailings, spear phishes can appear to come from your own IT department, from your own payroll department, or from a friend or colleague.